HN
Today

U of T researchers demonstrate AI worm could target any online device

University of Toronto researchers have unveiled a prototype AI worm, demonstrating how publicly available AI models can power self-adapting malware capable of targeting any online device. This groundbreaking research, conducted in a secure environment, reveals a new class of cyberthreat that bypasses traditional defenses and can hijack computing power at virtually no cost. It's a sobering look at the evolving cybersecurity landscape, compelling immediate attention from developers, policymakers, and everyday users alike to bolster our digital defenses.

10
Score
2
Comments
#12
Highest Rank
11h
on Front Page
First Seen
Jun 3, 6:00 AM
Last Seen
Jun 3, 4:00 PM
Rank Over Time
1215182116191723212526

The Lowdown

Researchers at the University of Toronto's CleverHans Lab have demonstrated the existence of a new, highly sophisticated cyberthreat: an AI-powered worm. This novel malware utilizes publicly accessible, open-weight AI models to adapt its attack strategy as it spreads, posing a significant risk to virtually any internet-connected device, from laptops to critical infrastructure, while circumventing current cybersecurity measures.

  • Adaptive AI Worm: The researchers built a proof-of-concept AI worm that learns and adapts its attack strategy in real-time using free, open-weight AI models, making it far more dynamic than traditional worms.
  • Low-Cost & Self-Propagating: Once launched, the worm can spread by exploiting known vulnerabilities, gathering information, and siphoning computing power from compromised devices to fuel its further proliferation, dramatically reducing the cost for attackers.
  • Widespread Vulnerability: Unlike previous AI-related threats, this worm targets underlying software, meaning any internet-connected device – including smart thermostats, cameras, and printers – is a potential target, not just AI systems.
  • Proactive Disclosure: Led by Nicolas Papernot, the team conducted this research in a secure, controlled environment and responsibly disclosed their findings to national security bodies before publication, aiming to pre-empt malicious actors and galvanize defense efforts.
  • Urgent Call for Action: The research highlights that current defenses are unprepared, urging individuals and organizations to adopt better security hygiene, including regular patching, strong passwords, and multi-factor authentication, as a collective defense strategy. This pioneering work signifies a "new era of cyberthreats," emphasizing that technical expertise, rather than cutting-edge AI, is the primary requirement for deploying such a worm. The U of T team is now focused on developing countermeasures, stressing the critical need for collaborative action from academia, industry, and government to build a safer, more resilient digital ecosystem.